Overview of IS Risk Assessment (IP) Research Paper

Overview of IS Risk Assessment (IP) - Research Paper Example Measurements consist of (Sun, Srivastava, & Mock, 2006): Cost which is used to protect the information and systems Value of the information and information systems Threat probability and occurrence Effectiveness of Controls Prior to Risk Assessment Before conducting risk assessment, primary factors are considered. The identification of information assets lays the foundation for further assessment. Information assets are defined as the entities that hold organization data. A good discussion is available on ‘www.ibm.com’ which states it as, information assets precisely resembles with the nature of business and business strategy of the organization. Likewise, these information systems may be subjected to contractual and legislative compliance requiring protection from threats and mission critical systems. The information assets for an organization will be the technology assets, data asset, service asset and people asset. In a typical scenario of an organization’s net work, the owners for server hardware will be the server administration group. The owners for the applications running on the servers will be the application support group and the owners for the data, which is stored on the server, will be system development group. Question needs to be answered Moreover, the risk management process involves the implementation of safeguards and controls that are continuously observed. Likewise, risk management identifies information assets along with their weaknesses and prioritizes them as per severity and business impact. The self-examination process of risk management assists managers to identify and mark severity of information assets. However, it is not a fact that assets are only indicating as systems, they also includes people, hardware and software components. Moreover, risk management also reflects asset classification, categorization of groups with respect to business impact against each identified asset; there are certain questions that nee d to be answered: What is the most important or mission critical asset for the organization? Which asset generates profit for the organization? Which asset provides revenue for the organization? Which information asset has the most replacement cost? Which information asset requires significant protection cost? Which information asset reflects the most significant liability when breached? Phases of Risk Assessment The first phase of risk assessment is the investigation phase. The investigation phase is conducted to gather information regarding the system and resources. The threats are prioritized before assessment. The identification of critical components is conducted in order to prioritize threats. After prioritization, related plug-in is selected before execution. Risk assessment includes the scanning of all open ports of the system. This phase also conducts scanning of all known vulnerabilities. The next phase includes reporting of the findings which are extracted by investigatio n phase. The findings are then categorized in different priorities. The report illustrates open ports, number of vulnerabilities found at high status, number of vulnerabilities found at medium status, number of vulnerabilities found at low status (Fenz, Ekelhart, & Neubauer, 2011). Report also includes host information including the ‘netbios’ name, DNS name and operating system. This phas

Economic Issues For HMOs Essay Example | Topics and Well Written Essays - 1000 words

Economic Issues For HMOs - Essay Example As a representative of Castor, I am responsible for analyzing and providing optimal solution to my employer which generates most favorable utilization, maximizes its profits and simultaneously mitigates risks. Client Profile Constructit has an employee headcount of 1000 staff members, 550 males and 450 females, ranging within ages of 26 to 42 and comprising 60% of married people. Highest number of employees, amounting to 406, has ages between 26 and 30 while 314 are between 31 and 35, being second highest. However, while 53% of males belong to the dominant age bracket of 26 to 30, 43% of women belong to the age group of 31 to 35. 320 of these employees have job description involving rigorous physical tasks while 250 of them only carry out activities requiring moderate physical efforts. 170 males and 210 females have been diagnosed to have no major medical conditions that may contribute to company’s risk profile. However, the fact that 55 men and 36 women are reportedly chain s mokers, can be linked to become cause of respiratory difficulties, being one of the major reasons for taking sick leaves, amongst others including physical injuries, allergies and viruses, digestive problems and neural disorders. Comprising 39% of the total manpower, 198 males and 192 females suffer from obesity and are therefore highly susceptible to conditions like high blood pressure, diabetes and heart-related diseases such as high cholesterol. Analysis of plans The basic measure for checking if an insurance plan is feasible is to ensure a perfect balance between injury liability and insurance cover against it, such that the former doesn’t exceed the latter (Smith, pp. 68). Employees are responsible for paying insurance premiums themselves and Constructit shall not account for any expenses on their behalf. Given data reveals that personnel are only ready to bear an annual insurance premium not exceeding $4,000. The first plan, Castor Standard doesn’t cover preexist ing medical conditions of employees. This plan if implemented is capable of generating cash flows amounting to $3,428 annually for Castor. The costs that shall be incurred under this plan amount to $1,905 and $1,524 relating to inpatient and outpatient services respectively. The second plan, Castor Enhanced provides coverage for preexisting diseases and injuries found amongst employees. The costs incurred under this plan amount to $4,396 while aggregate earnings are $4,428. This large gap is justifiable due to high risks involved under this plan: Castor is responsible for bearing costs pertaining to preexisting conditions as well and therefore is charging premium as compensation for high risks involved. There is a third plan, Castor Enhanced Minor, which is a mere extension and tailored form of second plan with exclusion of few services that have high utilization. This in turn helps in controlling risks by flexibly adjusting each service and computing its sensitivity on costs incurr ed and profits earned. Constructit employees are majorly suffering from obesity and smoking addiction problems and therefore, substantial medical costs are speculated to be incurred in these two areas. Therefore, if two services, substance abuse treatment and obesity treatment, may be removed from Enhanced plan then the company is able to achieve a better balance between earnings ($3,882) and risks or costs incurred ($3,850). As a last resort, if none of the plans seem to be profitable for the company considering the